
<!DOCTYPE html>
<!--

    Copyright (c) 2017, 2019 Oracle and/or its affiliates. All rights reserved.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->
<!-- Portions Copyright [2019] [Payara Foundation and/or its affiliates] -->
<html lang="en">
  <head>
    <meta charset="utf-8"/>
    <title>enable-secure-admin-internal-user</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link href="css/style.css" rel="stylesheet">
    <script src="https://use.fontawesome.com/96c4d89611.js"></script>
  </head>
  <body>
<table id="doc-title" cellspacing="0" cellpadding="0">
  <tr>
  <td align="left" valign="top">
  <b>enable-secure-admin-internal-user</b><br />
  </td>
  </tr>
</table>
<hr />

<table width="90%" id="top-nav" cellspacing="0" cellpadding="0">
	<colgroup>
		<col width="12%"/>
		<col width="12%"/>
		<col width="*"/>
	</colgroup>
	<tr>
		<td align="left">
		<a href="enable-secure-admin.html">
			<span class="vector-font"><i class="fa fa-arrow-circle-left" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Previous</span>
		</a>
		</td>

		<td align="left">
		<a href="enable-secure-admin-principal.html">
			<span class=" vector-font"><i class="fa fa-arrow-circle-right vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Next</span>
		</a>
		</td>

		<td align="right">
		<a href="toc.html">
			<span class=" vector-font"><i class="fa fa-list vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Contents</span>
		</a>
		</td>
	</tr>
</table>


<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p><a id="enable-secure-admin-internal-user-1"></a><a id="GSRFM00130"></a><a id="enable-secure-admin-internal-user"></a></p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_enable_secure_admin_internal_user">enable-secure-admin-internal-user</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Instructs the \{product---name} DAS and instances to use the specified
admin user and the password associated with the password alias to
authenticate with each other and to authorize admin operations.</p>
</div>
<div id="sthref1135" class="paragraph">
<p>Synopsis</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="prettyprint highlight"><code class="language-oac_no_warn" data-lang="oac_no_warn">asadmin [asadmin-options] enable-secure-admin-internal-user [--help]
[--passwordalias pwdaliasname]
admin-username</code></pre>
</div>
</div>
<div id="sthref1136" class="paragraph">
<p>Description</p>
</div>
<div class="paragraph">
<p>The <code>enable-secure-admin-internal-user</code> subcommand instructs all servers
in the domain to authenticate to each other, and to authorize admin
operations submitted to each other, using an existing admin username and
password rather than SSL certificates. This generally means that you
must:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Create a valid admin user.<br></p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre>asadmin&gt; create-file-user --authrealmname admin-realm --groups
asadmin newAdminUsername</pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Create a password alias for the just-created password.<br></p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre>asadmin&gt; create-password-alias passwordAliasName</pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Use that user name and password for inter-process authentication and
admin authorization.<br></p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre>asadmin&gt; enable-secure-admin-internal-user
--passwordalias passwordAliasName
newAdminUsername</pre>
</div>
</div>
<div class="paragraph">
<p>If \{product---name} finds at least one secure admin internal user, then
if secure admin is enabled \{product---name} processes will not use SSL
authentication and authorization with each other and will instead use
username password pairs.</p>
</div>
<div class="paragraph">
<p>If secure admin is enabled, all \{product---name} processes continue to
use SSL encryption to secure the content of the admin messages,
regardless of how they authenticate to each other.</p>
</div>
<div class="paragraph">
<p>Most users who use this subcommand will need to set up only one secure
admin internal user. As a general practice, you should not use the same
user name and password pair for internal admin communication and for
admin user login.</p>
</div>
<div class="paragraph">
<p>If you set up more than one secure admin internal user, you should not
make any assumptions about which user name and password pair
\{product---name} will choose to use for any given admin request.</p>
</div>
<div id="sthref1137" class="paragraph">
<p>Options</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">asadmin-options</dt>
<dd>
<p>Options for the <code>asadmin</code> utility. For information about these
options, see the <a href="asadmin.html#asadmin-1m"><code>asadmin</code>(1M)</a> help page.</p>
</dd>
<dt class="hdlist1"><code>--help</code></dt>
<dt class="hdlist1"><code>-?</code></dt>
<dd>
<p>Displays the help text for the subcommand.</p>
</dd>
<dt class="hdlist1"><code>--passwordalias</code></dt>
<dd>
<p>The password alias for the user that \{product---name} should use for
internally authenticating and authorizing the DAS to instances and the
instances to the DAS.</p>
</dd>
</dl>
</div>
<div id="sthref1138" class="paragraph">
<p>Operands</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">admin-username</dt>
<dd>
<p>The admin user name that \{product---name} should use for internally
authenticating and authorizing the DAS to instances and the instances
to the DAS.</p>
</dd>
</dl>
</div>
<div id="sthref1139" class="paragraph">
<p>Examples</p>
</div>
<div class="paragraph">
<p><a id="GSRFM607"></a><a id="sthref1140"></a></p>
</div>
<div class="paragraph">
<p>Example 1   Specifying a user name and password for secure admin</p>
</div>
<div class="paragraph">
<p>The following example allows secure admin to use a user name and
password alias for authentication and authorization between the DAS and
instances, instead of certificates.</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="prettyprint highlight"><code class="language-oac_no_warn" data-lang="oac_no_warn">asadmin&gt; enable-secure-admin-internal-user
--passwordalias passwordAliasName
newAdminUsername</code></pre>
</div>
</div>
<div id="sthref1141" class="paragraph">
<p>Exit Status</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">0</dt>
<dd>
<p>subcommand executed successfully</p>
</dd>
<dt class="hdlist1">1</dt>
<dd>
<p>error in executing the subcommand</p>
</dd>
</dl>
</div>
<div id="sthref1142" class="paragraph">
<p>See Also</p>
</div>
<div class="paragraph">
<p><a href="asadmin.html#asadmin-1m"><code>asadmin</code>(1M)</a></p>
</div>
<div class="paragraph">
<p><a href="disable-secure-admin-internal-user.html#disable-secure-admin-internal-user-1"><code>disable-secure-admin-internal-user</code>(1)</a>,
<a href="enable-secure-admin.html#enable-secure-admin-1"><code>enable-secure-admin</code>(1)</a></p>
</div>
</div>
</div>

<hr />

<table width="90%" id="bottom-nav" cellspacing="0" cellpadding="0">
	<colgroup>
		<col width="12%"/>
		<col width="12%"/>
		<col width="*"/>
	</colgroup>
	<tr>		
		<td align="left">
		<a href="enable-secure-admin.html">
			<span class=" vector-font"><i class="fa fa-arrow-circle-left" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Previous</span>
		</a>
		</td>

		<td align="left">
		<a href="enable-secure-admin-principal.html">
			<span class="vector-font"><i class="fa fa-arrow-circle-right vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Next</span>
		</a>
		</td>

		<td align="right">
		<a href="toc.html">
			<span class="vector-font"><i class="fa fa-list vector-font" aria-hidden="true"></i></span>
			<span style="position:relative;top:-2px;">Contents</span>
		</a>
		</td>
	</tr>
</table>

<span id="copyright">
        <img src="/resource/reference/img/eclipse_foundation_logo_tiny.png" height="20px" alt="Eclipse Foundation Logo" align="top"/>&nbsp;            
        <span >Copyright&nbsp;&copy;&nbsp;2019,&nbsp;Oracle&nbsp;and/or&nbsp;its&nbsp;affiliates.&nbsp;All&nbsp;rights&nbsp;reserved.</span>
</span>

</body>
</html>
